<!DOCTYPE html>
<html lang="en-us">
  <head>
    <meta charset="UTF-8">
    <title>SVF:Pointer Analysis for C and C++  </title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" type="text/css" href="stylesheets/normalize.css" media="screen">
    <link href='http://fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>
    <link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen">
    <link rel="stylesheet" type="text/css" href="stylesheets/github-light.css" media="screen">
  </head>
  <body>
    <section class="page-header">
      <h1 class="project-name">SVF</h1>
      <h2 class="project-tagline">Pointer Analysis and Program Depedence Analysis in LLVM</h2>
      <a href="https://github.com/svf-tools/SVF" class="btn">View Wiki on GitHub</a>
      <a href="https://www.cse.unsw.edu.au/~ysui/svf.php" class="btn">Download Source Code </a>
      <a href="https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker" class="btn">Download Dockerfile</a>

    </section>

    <section class="main-content">
      <h2>
<a id="what-is-svf" class="anchor" href="#what-is-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>What is SVF?</h2>

<p><a href="https://github.com/svf-tools/SVF">SVF</a> is a static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs. SVF allows value-flow construction and pointer analysis to be performed iteratively, thereby providing increasingly improved precision for both. </p>

<h2>
<a id="what-kind-of-analyses-does-svf-provide" class="anchor" href="#what-kind-of-analyses-does-svf-provide" aria-hidden="true"><span class="octicon octicon-link"></span></a>What kind of analyses does SVF provide?</h2>

<ul>
<li>Call graph construction for C and C++ programs</li>
<li>Field-sensitive Andersen's pointer analysis</li>
<li>Sparse flow-sensitive pointer analysis</li>
<li>Value-flow dependence analysis</li>
<li>Interprocedural memory SSA</li>
<li>Detecting source-sink related bugs, such as memory leaks and incorrect file-open close errors.</li>
<li>An <a href= "https://github.com/svf-tools/SVF-EclipsePlugin">Eclipse plugin </a> for visualizing bugs </li>
</ul>

<h2>
<a id="how-to-setup-svf" class="anchor" href="#how-to-setup-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>License </h2>

GPLv3

<h2>
<a id="how-to-setup-svf" class="anchor" href="#how-to-setup-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>How to setup SVF?</h2>

<p>Please download the <a href="https://github.com/svf-tools/SVF">source code</a> of SVF and refer to this <a href="https://github.com/svf-tools/SVF/wiki/Setup-Guide#getting-started"> step-by-step guide</a> to setup SVF.</p>

<h2>
<a id="how-to-run-svf" class="anchor" href="#how-to-run-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>How to run SVF?</h2>

<p>SVF analyzes a program by taking the LLVM IR of the program as its input. Please refer to <a href="https://github.com/svf-tools/SVF/wiki/User-Guide#quick-start">this user guide</a> to run SVF with <a href="https://github.com/svf-tools/SVF/wiki/Analyze-a-Simple-C-Program#an-example">a simple example</a> and generate the <a href="https://github.com/svf-tools/SVF/wiki/User-Guide#analysis-outputs">outputs</a> of each analysis pass in your local machine.</p>

<p>Alternatively, we have also prepared a <a href="http://www.cse.unsw.edu.au/%7Ecorg/svf/SVF.ova">virtual machine image</a> for you to run SVF on any machine with VirtualBox installed. Please refer to this <a href="https://github.com/svf-tools/SVF/wiki/Try-SVF-in-VirtualBox"> step-by-step guide</a> to try SVF in a VM. </p>

<h2>
<a id="how-does-svf-work-internally" class="anchor" href="#how-does-svf-work-internally" aria-hidden="true"><span class="octicon octicon-link"></span></a>References</h2>

<p>Please refer to <a href="https://github.com/svf-tools/SVF/wiki/Technical-documentation">this wiki documentation</a>, <a href="http://www.cse.unsw.edu.au/%7Ecorg/svf/doxygen/">doxygen code manual</a> and the following publications to understand the internal working of SVF.</p>

<p>Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo,Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. <a href ="https://arxiv.org/pdf/1906.07327.pdf">SAVIOR: Towards Bug-Driven Hybrid Testing</a>, 41st IEEE Symposium on Security and Privacy (S&ampP'20)</p>

<p>Dae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, and Insik Shin. <a href ="https://lifeasageek.github.io/papers/jeong:razzer.pdf">RAZZER: Finding Kernel Race Bugs through Fuzzing</a>, 40th IEEE Symposium on Security and Privacy (S&ampP'19) </p>

<p>Meni Orenbach, Yan Michalevsky, Christof Fetzer, and Mark Silberstein. <a href ="https://www.usenix.org/system/files/atc19-orenbach.pdf">CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves</a>, 2019 USENIX Annual Technical Conference (ATC'19) </p>

<p>Yuxiang Lei and Yulei Sui. <a href ="http://yuleisui.github.io/publications/sas2019a.pdf"> Fast and Precise Handling of Positive Weight Cycles for Field-sensitive Pointer Analysis </a>, 26th International Static Analysis Symposium (SAS'19) </p>

<p>Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. <a href="https://www.usenix.org/system/files/sec19-khandaker.pdf"> Origin-sensitive Control Flow Integrity</a>, 28th USENIX Security Symposium (USENIX Security'19)</p>

<p>Timotej Kapus and Cristian Cadar. <a href ="https://srg.doc.ic.ac.uk/files/papers/segmem-esecfse-19.pdf">A Segmented Memory Model for Symbolic Execution</a>, ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE'19) </p>

<p>Yulei Sui and Jingling Xue. <a href ="http://yuleisui.github.io/publications/tse18.pdf"> Value-Flow-Based Demand-Driven Pointer Analysis for C and C++ </a>, IEEE Transaction on Software Engineering (TSE'18) </p>

<p>Yulei Sui, Hua Yan, Yunpeng Zhang, Jingling Xue and Zheng Zheng. <a href ="http://yuleisui.github.io/publications/jss18.pdf">  Parallel Construction of Interprocedural Memory SSA Form</a>, Journal of Systems and Software (JSS'18)</p>

<p>Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu.<a href="https://chenbihuan.github.io/paper/ccs18-chen-hawkeye.pdf"> Hawkeye: Towards a Desired Directed Grey-box Fuzzer</a>, 25th ACM Conference on Computer and Communications Security (CCS'18)</p>

<p>David Trabish, Andrea Mattavelli, Noam Rinetzky and Cristian Cadar.<a href="https://srg.doc.ic.ac.uk/files/papers/chopper-icse-18.pdf"> Chopped Symbolic Execution</a>, 40th International Conference on Software Engineering (ICSE’18)</p>

<p>Chung Hwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu <a href ="https://lifeasageek.github.io/papers/kim-minion.pdf">Securing Real-Time Microcontroller Systems through Customized Memory View Switching</a>, The Network and Distributed System Security Symposium (NDSS'18) </p> 

<p>David Gens, Simon Schmitt, Lucas Davi, and Ahmad-Reza Sadegh <a href ="https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_05A-1_Gens_paper.pdf">K-Miner: Uncovering Memory Corruption in Linux</a>, The Network and Distributed System Security Symposium (NDSS'18) </p>

<p>Xiaokang Fan, Yulei Sui and Jingling Xue. <a href ="https://yuleisui.github.io/publications/issta17.pdf">  Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ </a>, The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'17) </p>

<p>Yulei Sui and Jingling Xue. <a href ="https://yuleisui.github.io/publications/fse16.pdf">  On-Demand Strong Update Analysis via Value-Flow Refinement</a>, ACM SIGSOFT International Symposium on the Foundation of Software Engineering (FSE'16)</p>

<p>Yulei Sui and Jingling Xue. <a href ="https://yuleisui.github.io/publications/cc16.pdf"> SVF: Interprocedural Static Value-Flow Analysis in LLVM</a>, 25th International Conference on Compiler Construction (CC'16)</p>

<p>Yulei Sui, Peng Di and Jingling Xue. <a href ="https://yuleisui.github.io/publications/cgo16.pdf"> Sparse Flow-Sensitive Pointer Analysis
for Multithreaded Programs</a>, International Symposium on Code Generation and Optimization (CGO'16)</p>

<p>Yulei Sui, Ding Ye, and Jingling Xue. <a href="https://yuleisui.github.io/publications/tse14.pdf"> Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis</a>, IEEE Transactions on Software Engineering (TSE'14)</p>

<p>Yulei Sui, Sen Ye and Jingling Xue. <a href = "https://yuleisui.github.io/publications/sas2014.pdf"> Region-based Selective Flow-Sensitive Pointer Analysis</a>, 21th International Static Analysis Symposium (SAS'14) </p>

<p>Ding Ye, Yulei Sui, and Jingling Xue. <a href = "https://yuleisui.github.io/publications/cgo14.pdf"> Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis</a>, 12th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO'14)</p>

<p>Yulei Sui, Ding Ye, and Jingling Xue. <a href = "https://yuleisui.github.io/publications/issta12.pdf"> Static Memory Leak Detection Using Full-Sparse Value-Flow Analysis</a>, 2012 International Symposium on Software Testing and Analysis (ISSTA'12)</p>

<h2>
<a id="contacts" class="anchor" href="#contacts" aria-hidden="true"><span class="octicon octicon-link"></span></a>Contacts</h2>
Any comments, contributions and collaborations are welcomed.
Please contact the authors <a href="mailto:yulei.sui@uts.edu.au">Yulei Sui</a> or <a href="mailto:jingling@cse.unsw.edu.au">Jingling Xue</a> if you have any questions.


    </section>


<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-105021663-1', 'auto');
  ga('send', 'pageview');

</script>
  
  </body>
</html>

